[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 437
  • Last Modified:

Disable username/password dialog when accessing internal Web site.

We have an internal Web site setup on IIS 6.0; we restrict access through NTFS permissions. The Web site is using integrated authentication. Users that do not have access to this Web site are being prompted for a username and password. Is there anyway to disable this prompt? We are using IE7.
0
illfusion82
Asked:
illfusion82
  • 9
  • 8
1 Solution
 
Moomin83Commented:
Hi, just a couple of questions:
Does the internal website integrate with any type of DB, ie MySQL or MSSQL?
Do you require the users that do not have access to be redirected to a page stating they do not have access or just not load the page?
0
 
Moomin83Commented:
Alternatively, depending on the amount of users that do not have access you could try the following.
In IIS6.0 right click on the web site in question and select "Properties".
  Step 1In the properties box, navigate to "Directory Security" and select "Edit" in the "IP address and domain name restrictions" area.
 Step 2Ensure the "By default, all computers will be: Granted access". Proceed by selecting "Add..." (You will follow this step if the users without access is less than users with access - if not true do other way around)
 Step 3Enter DNS name.
 Step 4Will look something like this.
 Step 5Restricted user will receive a prompt like below then.
 Step 6
0
 
illfusion82Author Commented:
The Web site is using an Microsoft Access database. Yes, I the web page will redirect to a page stating the user does not have access. Restricting by IP address will not work for us; we need to do it per user.
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 
Moomin83Commented:
Unfortunately I only know how to perform a redirect on IIS 6.0 when access is controlled by the DB, and the redirect is done in code.
0
 
Moomin83Commented:
Hi illfusion82

Have you been able to resolve this problem as yet? I would love to know how if you did - knowledge expansion.
0
 
illfusion82Author Commented:
Not yet..still working on it.
0
 
illfusion82Author Commented:
How would you do the redirect in code when access is controlled in the database?
0
 
Moomin83Commented:
Hi
I will reply with the required info in the morning.
0
 
Moomin83Commented:
Sorry for the delay.


When navigating to a site, the first function that runs, is the page_load function, here we usually setup all the conditions, for instance user access.
To give an example, from the get-go a function is called to retrieve information from the user’s table where you’ll have a field for the specific access set to true or false, the code looks at what the user’s user id is, then looks the id up in the database.
Based on the value returned, you can fire more functions and load the full page, or display an error message that notifies the user of the invalid access, and nothing will load further on the page.

This depends on how your website / Application is written and various other features. Remember that all my comments are based on websites that operate on Integrated Authentication (Windows) and where in my DB I have a table called "User table" (example) and the Website queries that table when allowing access or not

HTH
0
 
illfusion82Author Commented:
Thanks, I will test this out and let you know how it goes.
0
 
Moomin83Commented:
Hi illfusion82,

Just checking in to see if you were able to resolve this problem?

Kind regards
0
 
illfusion82Author Commented:
I have been busy. I will try next week.
0
 
illfusion82Author Commented:
Do you have some sample code or a link to a site that has a good example of how to implement this solution?
0
 
Moomin83Commented:
This is what gets called when opening the page for the first time

Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles       MyBase.Load

If Access() = False then

lblAccessMessage.Visible = True

exit sub

Open in new window


If the access is false then no further action takes place.

else

load rest of page

end if

End Sub

Open in new window






   
Private Function Access() As Boolean
        Dim blnCreated As Boolean
        Dim blnHasAccess As Boolean
        Dim strUserID As String

        Try
            If Not lblUserID.Text = vbNullString Then

Open in new window


                     This retrieves userid  that is in session
               
strUserID = lblUserID.Text

                CreateDBConn(blnCreated)

Open in new window


                     This calls a function that verifies what the user's access status is
             
  objDBUtils.strSQL = objData.GetSQLUserHasViewAccess(Convert.ToInt32(strUserID))
                objDBUtils.GetDataSet(dsDS, "ViewAccess", "ViewAccess")

Open in new window

                   
                   
               
 If dsDS.Tables("ViewAccess").Rows.Count > 0 Then
                    blnHasAccess = Convert.ToBoolean(dsDS.Tables("ViewAccess").Rows(0).Item(1).ToString())
                    Session("ViewAccess") = blnHasAccess
                Else
                    blnHasAccess = False
                    Session("ViewAccess") = False
                End If

                If blnHasAccess Then
                    lblDealerViewAccess.Text = "True"
                Else
                    lblDealerViewAccess.Text = ""
                End If

                Return blnHasAccess

            End If

        Catch ex As Exception
            DisplayError("DealersViewAccess: " & ex.Message, lblAccessMessage)

        Finally
            DestroyObjects(blnCreated)
            dsDS = Nothing

        End Try

    End Function

Open in new window



             This is the class that gets called to verify access in the DB

   
 Public Function GetSQLUserHasViewAccess(ByRef intUserID As Integer) As String

        GetSQLUserHasViewAccess = "Select UserID, ViewAccess from tblIntUsers "
        GetSQLUserHasViewAccess &= "WHERE UserID = " & intUserID

    End Function

Open in new window




HTH
0
 
illfusion82Author Commented:
Thanks Moomin83,

I was able to figure out another way to get rid of the prompt. Instead of denying permissions to the whole virtual directory in IIS, I gave read access to all users. I then denied access to the database contained in one of the sub directories for users I did not want to be able to logon to the Web page. Instead of prompting for a username and password, this generated a 500 internal server error. I then created a custom error page for this error.

Thank you for all your help.
0
 
illfusion82Author Commented:
I was able to figure out another way to get rid of the prompt. Instead of denying permissions to the whole virtual directory in IIS, I gave read access to all users. I then denied access to the database contained in one of the sub directories for users I did not want to be able to logon to the Web page. Instead of prompting for a username and password, this generated a 500 internal server error. I then created a custom error page for this error.

I have granted you the points anyways, since your way would have worked also.
0
 
Moomin83Commented:
Hi

Glad all worked out for you. :)
0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

  • 9
  • 8
Tackle projects and never again get stuck behind a technical roadblock.
Join Now